[PATCH] Fix "$upstream_response_length" for upstream requests with buffering off

Maxim Dounin mdounin at mdounin.ru
Thu Apr 11 11:28:29 UTC 2013


Hello!

On Wed, Apr 10, 2013 at 09:38:35PM -0700, Piotr Sikora wrote:

> Hey,
> the value of "$upstream_response_length" variable is being incorrectly
> reported as "0" for upstream requests with buffering off.

Looks like valid problem, thanks for reporting this.

> diff -r 482fda984556 src/http/ngx_http_upstream.c
> --- a/src/http/ngx_http_upstream.c      Wed Apr 10 17:07:44 2013 +0000
> +++ b/src/http/ngx_http_upstream.c      Wed Apr 10 21:29:59 2013 -0700
> @@ -3307,7 +3307,7 @@
>          u->state->response_sec = tp->sec - u->state->response_sec;
>          u->state->response_msec = tp->msec - u->state->response_msec;
> 
> -        if (u->pipe) {
> +        if (u->pipe->read_length) {
>              u->state->response_length = u->pipe->read_length;
>          }
>      }

The patch is wrong as u->pipe might not exists at all, and the 
code will result in null pointer dereference.

Correct patch should be:

--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -3307,7 +3307,7 @@ ngx_http_upstream_finalize_request(ngx_h
         u->state->response_sec = tp->sec - u->state->response_sec;
         u->state->response_msec = tp->msec - u->state->response_msec;
 
-        if (u->pipe) {
+        if (u->pipe && u->pipe->read_length) {
             u->state->response_length = u->pipe->read_length;
         }
     }

Is it looks good for you?

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list